From 518e15603ba5e5b01dd2c19f42d555ef66903191 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 30 Jun 2021 09:59:07 +0000
Subject: Correct sigalg hash usage when signing content for client verify.

This was inadvertently broken during sigalgs refactoring.
---
 src/lib/libssl/ssl_clnt.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 4085fed39b..8864909c9e 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.106 2021/06/29 19:56:11 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.107 2021/06/30 09:59:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2323,7 +2323,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
 	CBB cbb_signature;
 	EVP_PKEY_CTX *pctx = NULL;
 	EVP_MD_CTX mctx;
-	const EVP_MD *md;
 	const unsigned char *hdata;
 	unsigned char *signature = NULL;
 	size_t signature_len, hdata_len;
@@ -2335,7 +2334,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
 		SSLerror(s, ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
-	if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) {
+	if (!EVP_DigestSignInit(&mctx, &pctx, sigalg->md(), NULL, pkey)) {
 		SSLerror(s, ERR_R_EVP_LIB);
 		goto err;
 	}
-- 
cgit v1.2.3-55-g6feb